Methods And Systems For Managing Metadata In Email Attachments In A Network Environment

ABSTRACT

A method and system for removing metadata from email attachments sent from mobile devices includes receiving an email with an attached document. The attached document has metadata removed to create a cleansed version of the attached document. The attached document is replaced by the cleansed version of the attached document, and the email is sent according to the address or addresses included in the email.

BACKGROUND

1. Field of the Invention

The field of the invention relates generally to systems and methods of providing security for data. More particularly, the preferred embodiment relates to electronic cleaning metadata from email attachments, which may be sent from webmail on Exchange or PDA, handheld or mobile devices such as Blackberry, Treo etc.

2. Related Background

Electronic documents often include metadata relating to changes or prior versions of the document which may not be readily apparent to a person viewing the document in an application. For example, a Word document may include history information which is not displayed to a person viewing the document using Word on a PC (or may not be displayed in all views of a document). This is true for other types of electronic documents, including PDFs, Excel Spreadsheets, etc. Additionally, electronic documents may include additional metadata concerning the document, such as when the document was created, who created the document, etc. While many users may not be concerned with such information, such information may include sensitive or proprietary information that a user, or others, may not wish to share when the electronic document is shared. For example, a user emailing an electronic document may wish not to share some information relating to the history or creation of the document (or the user's employer may wish the user did not share such information outside the company).

The problem of document metadata is made more complicated by the use of smart phones, PDAs, and other mobile devices which may be used to send email, including email with attachments.

Conventional email and document editing and creation systems allow users to share electronic documents, but also allow users to share documents with sensitive metadata. Many desktop based Metadata removal products exist today including Metadata Sweeper by Litera Corp®, Out of Sight by SoftWise™, Protect by Workshare™, Metadata Assistant by Payne Consulting™ and iScrub by Esquire Innovations™, etc. None of these products offer Metadata cleaning of Documents attached to emails sent from PDA, BlackBerry™, Palm Treo™ or other handheld devices. Accordingly, a need exists to reduce the chances of unwanted or unauthorized sharing of metadata, particularly in the context of sharing electronic documents with mobile communications devices.

Accordingly, a need exists to provide an improved system of preventing unwanted or unauthorized transmission of electronic documents with metadata.

BRIEF DESCRIPTION OF THE FIGURES

FIG. 1 is a generalized block diagram illustrating a document that may be used with the preferred embodiments.

FIG. 2 is a generalized block diagram illustrating the process of removing metadata from an electronic document attached to an email, according to one possible embodiment.

FIG. 3 is a generalized block diagram illustrating the process of removing metadata from an electronic document attached to an email, according to one possible embodiment.

FIG. 4 is a generalized block diagram of a process of removing metadata from email attachments, according to one possible embodiment.

SUMMARY

The present invention provides for a computer based system and method for removing metadata from a document attached to an email. An email sent from a mobile device is received by a gateway, email server, or other program. The email is analyzed to determine whether it has an attached document. In the event the email includes an attached document the attached document is analyzed to determine the nature of metadata in the document. If the attached document includes metadata the metadata may be cleaned, or the email and or the attachment may be analyzed to determine whether the metadata is to be removed. If the metadata is to be removed a cleaned version of the attached document is created with the metadata, or the desired portion of the metadata, removed. The attached document is replaced with the cleansed version of the attached document, and the email is sent according to the address (or addresses) included in the email (or other delivery instructions specified in either the email or at the gateway, email server or other program). A copy of the cleansed document may be retained. A person, for example a user or administrator, may be notified of the attempt to send a document with metadata, or a person may be given the option of allowing over-ride cleansing the metadata and sending the original attached document with the metadata. A log of all attachments that were cleaned of Metadata may be optionally saved for any desired duration.

DETAILED DESCRIPTION

The present invention is described in the context of a specific embodiment. This is done to facilitate the understanding of the features and principles of the present invention and the present invention is not limited to this embodiment. In particular, the present invention is described in the context of a computer system used to compare, edit, view and/or modify electronic documents.

FIG. 1 is a generalized block diagram illustrating a document 100 that may be used with the preferred embodiments. Document 100 includes primary data 101 and metadata 102. Primary data, in the presently preferred embodiment, includes the information content of the document. By way of example, a document including the play Romeo and Juliet by William Shakespeare would have as the primary data the content information, the prose and words of the play. Additionally, in the presently preferred embodiment, the primary data may include formatting data, such as data on page breaks, paragraph separation and format, text size and type, etc. In the present example metadata 102 may include the author or creator of the document, original name of the document, the time and date the document was created and/or modified, version or history information on the document, including changes made by one or multiple users with user identification, editing time, etc.

FIG. 2 is a generalized block diagram illustrating the process of removing metadata 201 from an electronic document 202 attached to an email 203. The email 204 is sent from a mobile electronic device 205. In the presently preferred embodiment, electronic device is an end-user device, such as a smart phone or PDA, or other mobile electronic device capable of sending an email with an attachment. The email 203 may be sent to a gateway 206 which implements the metadata removal process described below, or the email may be sent to an email server 207, or to another program in communication with the email server. In the event the email is sent from the electronic device to the email server, the email server may send the email with the attached document to the gateway, or the email server may perform the metadata removal process. In the event the metadata removal is performed by the gateway 206, the email 203 with the attached document with the metadata removed is sent to the email server 207. Alternatively, the email with the attachment with the metadata removed may be sent from the email server if the email server performs the process of removing the metadata from the attachment. In yet another embodiment, the gateway may receive the email with the attachment from the email server, and perform the process of removing the metadata from the attachment at the gateway, and the email with the attached document with the metadata removed may be sent or forwarded by the gateway.

FIG. 3 is a generalized block diagram illustrating the process 300 of removing metadata from an electronic document attached to an email sent from a mobile electronic device. At step 301 the email is received from the mobile electronic device. In the presently preferred embodiment, the email is received prior to the email being received by an email server, such as Microsoft Exchange Server or similar email servers. Alternate embodiments may receive the email from an email server, or the present process may be performed by an email server or computer program in communication with the email server.

At step 302 the received email is analyzed to determine whether it has an attachment. If at step 302 it is determined that the received email has an attachment, then the process proceeds to step 304. If at step 302 it is determined that the received email does not have an attachment, the process proceeds to step 303. At step 303 the email is sent according to the addressing information contained in the email. The email may be sent to an email server for sending, or if the process 300 is being performed by the email server step 303 may be the process of sending email according to the processes and protocols of the email server.

In the presently preferred embodiment, at step 304 the attached electronic document is analyzed first analyzed for document type. As an example MS OFFICE (e.g. Word), PDF, text (.txt), etc. Next, the documents are for metadata. If at step 304 the attached electronic document contains metadata that the user or administrator has selected as “to be removed” (Metadata properties can be pre configured to remove some or all metadata), then at step 305 the metadata is removed from the attached electronic document. The metadata may be removed from the attached electronic document by invoking a metadata removal application, for example: Metadata Sweeper by Litera®, Metadata Assistant by Payne OCnsulting™, iScrub by Esquire™ Innovations™, Protect by Workshare™, Out of Sight by Softwise™, etc. At step 306 a cleansed version of the attached electronic document is created from the output of step 305. In the presently preferred embodiment, the cleansed version of the attached electronic document contains all of the primary data of the electronic document, but without the metadata associated with the attached electronic document. In one alternative embodiment, step 305 removes only a portion of the metadata of the original document, the portion removed which may be configurable or in accordance with a metadata removal policy. In the presently preferred embodiment, the cleansed version of the attached electronic document has all of the same attributes, such as the ability to edit and modify the document.

At step 307 the cleansed version of the attached electronic document, or cleansed electronic document, is used to replace the attached electronic document in the received email. At step 308 the received email, with the cleansed electronic document attached, is sent. In one preferred embodiment, the email is sent to an email server, which would then handle the email according to the addressing information and instructions. In alternate embodiments the email server may have already performed the necessary sending operation and the process 300 is an after-sending check to prevent unauthorized or unwanted transmission of metadata. In another alternative embodiment, the process 300 may be performed by the email server, and step 308 may include the process of sending the email performed by the email server.

At step 309 cleansed version of the attached electronic document may be saved, either on a server, in attached or networked storage, or on the end-user's electronic device.

Alternate embodiments of the present invention may alert the end user that the attached electronic document has been cleansed prior to transmitting a cleansed version. Additionally, alerts may be sent to an admin, or a log of an attempted sending of an un-cleansed document may be stored and/or reported.

While process 300 describes the intercept of all emails with attachments, alternate embodiments could determine whether to intercept an email according to one or more policies or algorithms. For example, policies may be used to determine whether to cleanse an email according to sender, recipient, type of attachment, aspects of primary data, aspects of metadata, etc.

FIG. 4 is a generalized block diagram of a process 400 of removing metadata from email attachments. At step 401 the email is received from a mobile electronic device. In the presently preferred embodiment, the email is received prior to the email being received by an email server, such as Microsoft Exchange Server or similar email servers. Alternate embodiments may receive the email from an email server, or the present process may be performed by an email server.

At step 402 the received email is analyzed to determine whether it has an attachment. If at step 402 it is determined that the received email has an attachment, then the process proceeds to step 404. If at step 402 it is determined that the received email does not have an attachment, the process proceeds to step 403. At step 403 the email is sent according to the addressing information contained in the email. The email may be sent to an email server, or if the process 400 is being performed by the email server step 403 may include sending email according to the processes and protocols of the email server.

At step 404 the attached document is analyzed to determine whether to remove metadata from the attached document. A cleansing policy is compared to the information obtained from analyzing the attached document to determine whether the attached document is to be cleansed prior to sending the document. The cleaning policy may specify certain types of metadata such as document properties, specific aspects of metadata, for example specific authors, titles, etc., or any other type of metadata that may be included in a document.

If at step 404 the determination is made that the attached document is not to be cleansed, i.e., the attached document will not have metadata removed, then the process proceeds to step 409 where the email with the attached document is sent.

If at step 404 the determination is made to cleanse the attached document, then the process proceeds to step 405 where the attached electronic document is analyzed for metadata. If at step 405 the attached electronic document contains metadata, then at step 406 the pre specified (ether as a default preference, a configured preference, etc.) metadata is removed from the attached electronic document. The metadata may be removed from the attached electronic document by invoking a metadata removal application, such as the examples listed above or other such programs. At step 407 a cleansed version of the attached electronic document is created from the output of step 406. In the presently preferred embodiment, the cleansed version of the attached electronic document contains all of the primary data of the electronic document, but without the metadata associated with the attached electronic document. In the presently preferred embodiment, the cleansed version of the attached electronic document has all of the same attributes, such as the ability to edit and modify the document.

At step 408 the cleansed version of the attached electronic document, or cleansed electronic document, is used to replace the attached electronic document in the received email. At step 409 the received email, with the cleansed electronic document attached, is sent. In one preferred embodiment, the email is sent to an email server, which would then handle the email according to the addressing information and instructions. In alternate embodiments the email server may have already performed the necessary sending operation and the process 400 is an after-sending check to prevent unauthorized or unwanted transmission of metadata. In another alternative embodiment, the process 400 may be performed by the email server, and step 409 may include the process of sending the email performed by the email server.

At step 410 cleansed version of the attached electronic document may be saved, either on a server, in attached or networked storage, or on the end-user's electronic device.

Alternate embodiments of the present invention may alert the end user that the attached electronic document has been cleansed prior to transmitting a cleansed version. Additionally, alerts may be sent to an admin, or a log of an attempted sending of an un-cleansed document may be stored and/or reported. Still other embodiments may include seeking confirmation from a person (the sender, an administrator, or another) before cleaning and replacing the attached document, or before sending a cleansed version of the attached document.

While process 300 and 400 were described in the context of a single attachment of an email, multiple attachments, either of the same document type or of multiple document types, may be analyzed and cleansed prior to sending an email.

The invention has been described with reference to particular embodiments. However, it will be readily apparent to those skilled in the art that it is possible to embody the invention in specific forms other than those of the preferred embodiments described above. This may be done without departing from the spirit of the invention.

Thus, the preferred embodiment is merely illustrative and should not be considered restrictive in any way. The scope of the invention is given by the appended claims, rather than the preceding description, and all variations and equivalents which fall within the range of the claims are intended to be embraced therein. 

1.-20. (canceled)
 21. A computer-based system for transmitting an electronic document, comprising: an intermediate computer that is remote from an electronic device sending an email message, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the email message from the electronic device, the email message having a delivery address, determining that the email message has an attached document including metadata, automatically creating a cleansed version of the attached document by removing at least a portion of the metadata from the attached document, replacing in the email message the attached document with the cleansed version of the attached document, and sending the email message with the cleansed version of the attached document from the intermediate computer to the delivery address.
 22. The system of claim 21, wherein the processor performs the removing operation by invoking a metadata removal application.
 23. The system of claim 21, wherein the operations further comprise saving the cleansed version of the attached document.
 24. The system of claim 21, wherein the operations further comprise: notifying an end user associated with the email message that the attached document included metadata.
 25. The system of claim 21, wherein the computer-based system is an email server or internet gateway.
 26. The system of claim 21, wherein the electronic device includes a smart phone, personal digital assistant, a tablet, or a web-mail server.
 27. The system of claim 21, wherein the electronic device includes a web-mail server.
 28. The system of claim 21, wherein automatically creating a cleansed version of the attached document further includes removing only pre-specified types of metadata in accordance with a cleansing policy.
 29. The system of claim 21, wherein the operations further comprise: saving an entry in a log to indicate the email message had the attached document replaced by the cleansed version of the attached document.
 30. A computer-based system for transmitting an electronic document, comprising: an intermediate computer that is remote from a mobile electronic device sending an email message, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the email message having a delivery address from the mobile electronic device, determining that the email message has an attached document, determining that the attached document is to be cleansed of metadata according to a cleansing policy, automatically removing metadata from the attached document, creating a cleansed version of the attached document at the intermediate computer, replacing in the email message the attached document with the cleansed version of the attached document, and sending the email message with the cleansed version of the attached document from the intermediate computer to the delivery address.
 31. The system of claim 30, wherein the operations further comprise saving the cleansed version of the attached document.
 32. The system of claim 30, wherein the cleansing policy specifies the attached document is to be cleansed if it is an RTF document, a PDF document, a word-processing document, a spreadsheet, a presentation document, a diagram document, or a web page document.
 33. The system of claim 30, wherein the cleansing policy specifies the attached-document is to be cleansed if the attached document comes from a specific user.
 34. The system of claim 30, wherein the cleansing policy specifies the attached document is to be cleansed if the attached document is a company document or a document from a specific department.
 35. The system of claim 30, wherein the cleansing policy specifies the attached document is to be cleansed if the attached document contains a pre-specified type of metadata.
 36. The system of claim 30, wherein the cleansing policy allows a user to choose not to cleanse pre-specified types of metadata.
 37. A computer-based system for preventing unauthorized transmission of metadata in electronic documents, comprising: an intermediate computer that is remote from a mobile electronic device sending an email, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the email having a delivery address and an attached electronic document sent from the mobile electronic device, the attached electronic document including primary data and metadata, automatically removing the metadata from the attached electronic document at the intermediate computer, and transmitting the received email, including the attached electronic document that has had the metadata removed, from the intermediate computer to a destination associated with the delivery address.
 38. The system of claim 37, wherein only pre-determined types of metadata are removed.
 39. The system of claim 37, wherein the operations further comprise: requesting permission to remove the metadata prior to said removing; and in the event the permission is denied, transmitting the received email with the attached electronic document that includes the metadata.
 40. The system of claim 37, wherein the email is received from a smart phone, a personal digital assistant, a tablet, or a web-mail server.
 41. The system of claim 40, wherein transmitting the received email includes the operation of forwarding the email to an email server.
 42. A computer-based system for cleaning metadata from electronic documents, comprising: an intermediate computer that is remote from a mobile electronic device sending an email, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: intercepting the email sent from the mobile electronic device at the intermediate computer, determining that an electronic document attached to the email includes a pre-determined type of metadata, automatically removing the pre-determined type of metadata from the attached electronic document, and sending the email with the attached electronic document having the pre-determined type of metadata removed.
 43. The system of claim 42, wherein the operations further comprise: creating a cleansed version of the attached electronic document; and replacing in the email the attached electronic document with the cleansed version of the attached electronic document.
 44. The system of claim 42, wherein the cleansed version of the attached electronic document is an RTF document, a PDF document, a word-processing document, a spreadsheet, a presentation document, a diagram document, or a web page document.
 45. A computer-based system for transmitting an electronic document, comprising: an computer that is remote from a device sending a message, the computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the message, the message including a document including metadata, automatically creating a cleansed version of the document by removing at least a portion of the metadata from the document, replacing the document received with the message with the cleansed version of the document, and transmitting the message with the cleansed version of the document.
 46. The system of claim 45, wherein the message includes an email message.
 47. The system of claim 45, wherein the processor performs the removing operation by invoking a metadata removal application.
 48. The system of claim 45, wherein the processor performs a saving operating by saving the cleansed version of the document.
 49. The system of claim 45, wherein the processor performs a notifying operation by notifying an end user associated with the message that the document included metadata.
 50. The system of claim 45, wherein the computer-based system is an email server or internet gateway.
 51. The system of claim 45, wherein the message is received from a smart phone, personal digital assistant, a tablet, or a web-mail server.
 52. The system of claim 45, wherein the processor performs a notifying operation by notifying an administrator associated with the computer-based system that the document included metadata.
 53. The system of claim 45, wherein automatically creating a cleansed version of the document further includes removing only pre-specified types of metadata in accordance with a cleansing policy.
 54. The system of claim 45, wherein the computer-based system performs a saving operation by saving an entry in a log to indicate the message had the document replaced by the cleansed version of the document.
 55. The system of claim 45, wherein transmitting further includes transmitting the message to a delivery address.
 56. The system of claim 45, wherein transmitting further includes transmitting the message according to delivery instructions.
 57. The system of claim 45, wherein the computer system comprises a series of computers.
 58. A computer-based system for transmitting an electronic document, comprising: an intermediate computer that is remote from a device sending a message, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the message from the device, the message including a delivery address and a document, determining that the document is to be cleansed of metadata according to a cleansing policy, automatically creating a cleansed version of the document by removing metadata from the document, replacing the document received with the message with the cleansed version of the document, and sending the message with the cleansed version of the document to the delivery address.
 59. The system of claim 58, wherein the processor performs an operation that saves the cleansed version of the document.
 60. The system of claim 58, wherein the cleansing policy specifies the document is to be cleansed if it is an RTF document, a PDF document, a word-processing document, a spreadsheet, a presentation document, a diagram document, or a web page document.
 61. The system of claim 58, wherein the cleansing policy specifies the document is to be cleansed if the document comes from a specific user.
 62. The system of claim 58, wherein the cleansing policy specifies the document is to be cleansed if a document property value of the document matches a pre-specified document property value.
 63. The system of claim 58, wherein the cleansing policy specifies the document is to be cleansed if the document contains a pre-specified type of metadata.
 64. The system of claim 58, wherein the cleansing policy allows a user to choose not to cleanse pre-specified types of metadata.
 65. The system of claim 58, wherein the message includes an email message.
 66. The system of claim 58, the operations further including: determining that the metadata includes a pre-specified type of metadata and responsive thereto, the processor does not perform the creating, replacing, and sending operations.
 67. The system of claim 58, wherein the processor further performs the operation of generating an alert that the message was not sent if the metadata includes a pre-specified type of metadata.
 68. A computer-based system for preventing unauthorized transmission of metadata in electronic documents, comprising: an intermediate computer that is remote from an electronic device sending a message, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: receiving the message having a delivery address and an attached electronic document sent from the electronic device, the attached electronic document including primary data and metadata, automatically removing the metadata from the attached electronic document, and transmitting the message, including the attached electronic document that has had the metadata removed, to a destination associated with the delivery address.
 69. The system of claim 68, wherein the operation of removing the metadata includes removing only pre-determined types of metadata.
 70. The system of claim 68, where the processor further performs the operation of obtaining confirmation before transmitting the message.
 71. The system of claim 68, wherein the processor further performs the operation of generating an alert before transmitting the message.
 72. The system of claim 68, wherein the processor further performs the operations of: requesting permission to remove the metadata prior to removing the metadata; and transmitting the message with the attached electronic document that includes the metadata when the permission is denied.
 73. The system of claim 68, wherein the electronic device includes a smart phone, a personal digital assistant, a tablet, or a web-mail server.
 74. The system of claim 73, wherein the operation of transmitting the message includes forwarding the message to an email server.
 75. A computer-based system for cleaning metadata from electronic documents, comprising: an intermediate computer that is remote from an electronic device sending a message, the intermediate computer including a processor and a memory coupled to the processor, the memory storing instructions to direct the processor to perform operations comprising: intercepting the message sent from the electronic device, the message including a delivery address and an electronic document including metadata, determining that the metadata includes a pre-determined type of metadata, automatically removing the pre-determined type of metadata from the electronic document, and sending the message with the electronic document having the pre-determined type of metadata removed.
 76. The system of claim 75, wherein the processor further performs operations comprising: creating a cleansed version of the electronic document; and replacing in the message the electronic document with the cleansed version of the electronic document.
 77. The system of claim 75, wherein the cleansed version of the electronic document includes an RTF document, a PDF document, a word-processing document, a spreadsheet, a presentation document, a diagram document, or a web page document. 